Closed rshadow closed 8 years ago
If you need something like this you can of course use Mojo::Template directly. That said, this is just begging to get sql-injection-attacked by people who don't understand what that is. I'm going to preemptively close this as I would see it as nearly a security issue if Mojo::Pg allowed this.
Suggested approach could also use placeholders instead of directly using values.
Placeholders already exist. The only reason I can imagine for using templates is to do things that placeholders do not allow, like picking a column name dynamically for example (as the OP does).
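An added illustration of the distinction drawn in the comment above, not code from this thread or from Mojo::Pg: a dynamically chosen column name cannot be a placeholder, so it is checked against an allowlist and quoted as an identifier, while the value still travels only as a bind parameter. The `users` table, its column list and the helper names `quote_ident` and `build_lookup` are assumptions made for the example, which uses core Perl only and does not connect to a database.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed schema: the only columns a caller may filter on.
my %ALLOWED_COLUMN = map { $_ => 1 } qw(id name email);

# Quote an identifier PostgreSQL-style: wrap it in double quotes and
# double any embedded double quote.
sub quote_ident {
    my ($ident) = @_;
    (my $quoted = $ident) =~ s/"/""/g;
    return qq{"$quoted"};
}

# Build "SELECT ... WHERE <column> = ?" for a caller-chosen column.
# The column must be on the allowlist; the value is never placed in the SQL text.
sub build_lookup {
    my ($column, $value) = @_;
    die "column not allowed: $column\n" unless $ALLOWED_COLUMN{$column};
    my $sql = sprintf 'SELECT id, name FROM users WHERE %s = ?',
        quote_ident($column);
    return ($sql, $value);
}

# Constructed inputs: an ordinary request, a hostile value, a hostile column name.
my @requests = (
    [ 'email', 'alice@example.com' ],
    [ 'name',  q{x' OR '1'='1} ],
    [ q{name = '' OR 1=1 --}, 'ignored' ],
);

for my $req (@requests) {
    my ($sql, @bind) = eval { build_lookup(@$req) };
    if ($@) {
        print "rejected: $@";
        next;
    }
    # The hostile value shows up only in the bind list, never in $sql.
    print "sql:  $sql\nbind: @bind\n";
    # With Mojo::Pg the pair would be run as $pg->db->query($sql, @bind).
}
```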
@jberger You're right about the sql-injection, so you cannot directly use the Mojo::Template. It needs a hack to replace the values in the ?.
If I try to make these templates, what namespace is better to use for the package?
I highly HIGHLY recommend prototyping this off of CPAN (as in, try it in a real application before putting it online). I consider any exploration of this kind of module to be really dangerous. Anyway this isn't the right place to discuss a new module, please either continue it on the universe mailing list (brand new!) https://groups.google.com/forum/#!forum/mojolicious-universe or else on prepan.
How about an addon to use .ep templates for queries? Example of named parameters:
Full support for Perl will make it possible to build queries: